vulnerability

SUSE: CVE-2025-24030: SUSE Linux Security Advisory

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:A/AC:L/Au:N/C:P/I:N/A:C)	Jan 23, 2025	Feb 3, 2025	Dec 5, 2025

Severity

CVSS

(AV:A/AC:L/Au:N/C:P/I:N/A:C)

Published

Jan 23, 2025

Added

Feb 3, 2025

Modified

Dec 5, 2025

Description

Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. A user with access to the Kubernetes cluster can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by any version of Envoy Gateway prior to 1.2.6. The admin interface can be used to terminate the Envoy process and extract the Envoy configuration (possibly containing confidential data). Version 1.2.6 fixes the issue. As a workaround, the `EnvoyProxy` API can be used to apply a bootstrap config patch that restricts access strictly to the prometheus stats endpoint. Find below an example of such a bootstrap patch.

Solution

suse-upgrade-govulncheck-vulndb

References

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report